Skip to content

GitHub Advisory Database

Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.

GitHub reviewed advisories

Unreviewed advisories

CC-BY-4.0 License
Language support
About GitHub Advisory Database
Filter advisories

Filter advisories

GitHub reviewed advisories
All reviewed
5,000+
Composer
4,870
Erlang
36
GitHub Actions
36
Go
2,493
Maven
5,000+
npm
4,126
NuGet
735
pip
3,943
Pub
12
RubyGems
945
Rust
1,021
Swift
39
Unreviewed advisories
All unreviewed
5,000+

524 advisories

Loading
Fides Information Disclosure Vulnerability in Config API Endpoint Moderate
CVE-2023-46125 was published for ethyca-fides (pip) Oct 24, 2023
h0wl
Defining resource name as integer may give unintended access in vantage6 Moderate
CVE-2023-28635 was published for vantage6 (pip) Oct 13, 2023
Magento Open Source allows Incorrect Authorization Moderate
CVE-2023-38218 was published for magento/community-edition (Composer) Oct 13, 2023
Mattermost Incorrect Authorization vulnerability Low
CVE-2023-5193 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2023-5194 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Mattermost Incorrect Authorization vulnerability Low
CVE-2023-5159 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Mattermost Incorrect Authorization vulnerability Moderate
CVE-2023-5195 was published for github.com/mattermost/mattermost-server/v6 (Go) Sep 29, 2023
Quarkus HTTP vulnerable to incorrect evaluation of permissions High
CVE-2023-4853 was published for io.quarkus:quarkus-csrf-reactive (Maven) Sep 20, 2023
Apache Airflow Incorrect Authorization vulnerability Moderate
CVE-2023-40611 was published for apache-airflow (pip) Sep 12, 2023
sunSUNQ
Apache Superset has incorrect authorization check Moderate
CVE-2023-32672 was published for apache-superset (pip) Sep 6, 2023
Apache Superset users may incorrectly create resources using the import charts feature Moderate
CVE-2023-27526 was published for apache-superset (pip) Sep 6, 2023
Apache Superset vulnerable to improper data authorization Moderate
CVE-2023-27523 was published for apache-superset (pip) Sep 6, 2023
Apache Superset has improper default REST API permission for Gamma users Moderate
CVE-2023-36387 was published for apache-superset (pip) Sep 6, 2023
OpenNMS privilege escalation vulnerability Moderate
CVE-2023-40315 was published for org.opennms:opennms-webapp-rest (Maven) Aug 17, 2023
Mattermost does not validate requesting user permissions before updating admin details Moderate
CVE-2023-4107 was published for github.com/mattermost/mattermost-server/v6 (Go) Aug 11, 2023
1Panel Arbitrary File Download vulnerability Moderate
CVE-2023-39965 was published for github.com/1Panel-dev/1Panel (Go) Aug 10, 2023
qiulongk
Vyper has incorrectly allocated named re-entrancy locks Critical
CVE-2023-39363 was published for vyper (pip) Aug 9, 2023
trocher
Magento Open Source allows Incorrect Authorization Moderate
CVE-2023-38209 was published for magento/community-edition (Composer) Aug 9, 2023
Field injection in the KirbyData text storage handler High
CVE-2023-38488 was published for getkirby/cms (Composer) Jul 28, 2023
dapatrese
Incorrect permission checks in Qualys Web App Scanning Connector Plugin allow capturing credentials Moderate
CVE-2023-39154 was published for com.qualys.plugins:qualys-was (Maven) Jul 26, 2023
Incorrect Permission Checking for GraphQL Subscriptions Moderate
CVE-2023-38503 was published for directus (npm) Jul 25, 2023
madc
Paths contain matrix variables bypass decorators High
CVE-2023-38493 was published for com.linecorp.armeria:armeria (Maven) Jul 25, 2023
Missing permission check in Jenkins Dimensions Plugin allows enumerating credentials IDs Moderate
CVE-2023-32261 was published for org.jenkins-ci.plugins:dimensionsscm (Maven) Jul 19, 2023
Spring Security's authorization rules can be misconfigured when using multiple servlets High
CVE-2023-34035 was published for org.springframework.security:spring-security-config (Maven) Jul 18, 2023
Apache Pulsar Broker's Rest Producer vulnerable to Incorrect Authorization High
CVE-2023-30428 was published for org.apache.pulsar:pulsar-broker (Maven) Jul 12, 2023
ProTip! Advisories are also available from the GraphQL API
CC-BY-4.0 License
Language support
About GitHub Advisory Database